If you receive a random email saying your IOTA account has “insufficient funds,” don’t click on the attachment. It’s a scam.
John Kinas, IT director for the District of Columbia Bar, reported that on October 7 the D.C. Bar’s filtering systems detected and blocked numerous email messages addressed to employees bearing a forged firstname.lastname@example.org return address.
The messages allege that the recipient’s Interest on Lawyers Trust Account (IOLTA) has insufficient funds to pay an outstanding check and includes a .zip file attachment purportedly containing additional information that is presumed to contain malware.
“There is a strong possibility that these messages are part of a broader phishing attack targeted to legal professionals,” said Kinas, adding the email headers indicate the messages were sent from several different email servers scattered across the globe.
Jane Curran, executive director of The Florida Bar Foundation – which oversees Florida’s IOTA program – said payees of checks written on IOTA accounts would not email any state bar, IOLTA program, or trust account holder with such a request.
“Even in states where banks sign agreements to advise the bar of an overdraft, such an email would not be sent,” Curran said.
The text of the fraudulent message reads:
“Please see the attached IOLTA report for 7448-1996. We received a check request in the amount of $19,521.42 for the above referenced file. However, the attached report reflects a $0 balance. At your earliest convenience, please advise how this request is to be funded. Thanks.
National Bankruptcy Services, LLC
9441 LBJ Freeway, Suite 250
Dallas, TX 75245